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Top Stories 

• Volkswagen officials announced September 29 that the company will be recalling up to 11 
million diesel vehicles worldwide to address models fit with illegal emissions software. - 
Reuters (See item 3) 

• The U.S. Securities and Exchange Commission announced September 28 that Trinity 
Capital Corporation and its subsidiary agreed to pay $1.5 million to settle allegations that 
the company materially misstated its provision and allowance for loan and lease losses in 
quarterly and annual filings. - U.S. Securities and Exchange Commission (See item 9) 

• An Arkansas official reported September 28 that 41,000 chickens suffocated after an 
inmate at Cummins Unit prison hit an electricity pole that caused the ventilators in the 
chicken enclosure to shut down in August. - Associated Press (See item 16) 

• Two security researchers from Protiviti and NeoHapsis presented on how vulnerabilities in 
thousands of critical medical systems were found exposed online through the Shodan 
search engine. - The Register (See item 18) 
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Energy Sector 



1. September 28, Lansing State Journal - (Michigan) State confiscates gas pump card 
skimmers. The Michigan Department of Agriculture & Rural Development announced 
September 28 that State officials and others found and confiscated a dozen credit card 
skimmers that were hidden in gas station pumps around Michigan following reports of 
increased use of the illegal devices. 

Source: http://www.lansingstateioumal.com/storv/news/local/capitol/2015/09/28/state- 
confiscates-gas-pump-card-skimmers/72981500/ 

Chemical Industry Sector 

Nothing to report 

Nuclear Reactors, Materials, and Waste Sector 

2. September 29, Chattanooga Times Free Press - (Tennessee) NRC grants another 20 
years of operation to Sequoyah plant. The U.S. Nuclear Regulatory Commission 
approved September 29 operating license extensions for Sequoyah Nuclear Power 
Plant’s Unit 1 and Unit 2 reactors in Tennessee through 2041 after the commission 
determined that the Tennessee Valley Authority had an adequate aging program in 
place. 

Source: 

http://www.timesfreepress.com/news/business/aroundregion/story/2015/sep/29/nrc- 

grants-another-20-vears-sequoyah-plant/327674/ 

Critical Manufacturing Sector 

3. September 29, Reuters - (International) Volkswagen to refit cards affected by 
emissions scandal. Volkswagen officials announced September 29 that the company 
will be recalling up to 11 million diesel vehicles worldwide to address models fit with 
illegal emissions software. Analysts believe the move could cost the company over 
$6.5 billion. 

Source: http://www.reuters.com/article/2015/09/29/us-volkswagen-emissions-plan- 
idUSKCN0RT0QL20150929 

4. September 28, U.S. Department of Labor - (Indiana) Safety hazards persist at 
Indiana shipyard. The Occupational Safety and Health Administration cited Corn 
Island Shipyard Inc., in Grandview, Indiana, for 22 safety and health violations 
including use of unsafe aerial lifts and cranes, fall hazards, improper handling of 
compress gas cylinders, flammable and combustible materials, and not having a trained 
shipyard rescue team, among other violations September 28. Proposed penalties total 
$119,700. 

Source: 

https://www.osha.gov/pls/oshaweb/owadisp.show document?p table=NEWS RELEA 
SES&p id=28788 
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5. September 28, U.S. Department of Labor - (Illinois) Aerial lift collapses, worker 
plummets at railcar facility. The Occupational Safety and Health Administration cited 
GBW Railcar Services LLC for 2 willful, 2 serious, and 1 other-than-serious safety and 
health violation at its Wood River, Illinois facility, including exposing workers to 
multiple fall and electrical hazards, failing to train employees on procedures to prevent 
contact with energized electrical parts, among other charges September 28. Proposed 
penalties total $109,000. 

Source: 

https://www.osha.gov/pls/oshaweb/owadisp.show document?p table=NEWS RELEA 
SES&p id=28773 

6. September 28, Reuters - (International) Audi says 2.1 million cars affected by diesel 
emission scandal. Audi officials announced September 28 that about 2.1 million Audi 
Al, A3, A4, A5, A6, TT, Q3, and Q5 vehicles worldwide and 13,000 vehicles in the 
U.S. were fitted with illegal software that allowed Volkswagen to cheat U.S. emissions 
tests. 

Source: http://www.reuters.com/article/2015/09/28/us-volkswagen-emissions-audi- 
idUSKCN0RS0Y720150928\ 

7. September 28, WHIO 7 Dayton - (Ohio) Violent chemical reaction prompts 
evacuation in Kettering. Kettering fire and HAZMAT crews responded to a chemical 
explosion September 28 at Mound Laser & Photonics Center after 2 incompatible 
chemicals mixed together and created a violent reaction, prompting an evacuation of 
the facility. Two people were sent to an area hospital for observation. 

Source: http://www.whio.com/news/news/local/hazmat-crew-called-to-kettering-tech- 
business/nnqMm/ 

Defense Industrial Base Sector 

See item 7 

Financial Services Sector 

8. September 29, Lincoln Journal Star - (Nebraska) 5 teens arrested for suspected ATM 
skimming operation. Officials arrested 5 teens September 25 for their roles in an 
ATM fraud operation in which the suspects allegedly planted skimming devices at 3 
Pinnacle Bank locations in Lincoln. Authorities believe the suspects may be part of a 
national criminal enterprise responsible for losses of thousands of dollars at ATMs in 
17 States. 

Source: http://ioumalstar.com/news/local/911/teens-arrested-for-suspected-atm- 
skimming-operation/article 9dce4b 14-cl83-55al-801 a-a40e 1 8f79 1 5 6 .html 

9. September 28, U.S. Securities and Exchange Commission - (National) SEC charges 
Trinity Capital Corporation and former bank executives with accounting fraud. 
The U.S. Securities and Exchange Commission announced September 28 that Trinity 
Capital Corporation and its subsidiary, Los Alamos National Bank, agreed to pay $1.5 
million to resolve allegations that the company materially misstated its provision and 



- 3 - 



allowance for loan and lease losses in multiple quarterly and annual filings, including 
understating its 2011 net loss to common shareholders by $30.5 million. Five current or 
former executives were also charged for allegedly manipulating the company’s 
financial results and for failing to implement internal loan accounting controls. 

Source: http ://www . sec . gov/news/pressrelease/20 15-215 .html 

Transportation Systems Sector 

10. September 29, WABC 7 New York City - (New York) Aer Lingus flight has landing 
gear issues in emergency landing at JFK Airport. An Aer Lingus flight headed to 
Ireland returned to New York’s John F. Kennedy International Airport shortly after 
take-off due to a hydraulic failure that resulted in landing gear door problems and a flap 
failure September 29. The plane landed safely while 12 to 20 fire trucks responded to 
the scene. 

Source: http://abc7nv.com/travel/aer-lingus-flight-experiences-fire-in-brakes-upon- 
emer gene y-landin g-at- jfk-airport/ 1 007 055/ 

11. September 28, Seattle Times - (Washington) 2 Southwest Airlines planes bump at 
Sea-Tac; no injuries. Two Southwest Airlines Jets were taken out of rotation at 
Seattle-Tacoma International Airport September 28 after the two jets had a slow- 
moving collision. There were no reports of injuries and the incident occurred in the 
cargo area. 

Source: http://www.seattletimes.com/seattle-news/2-southwest-airlines-planes-collide- 
while-taxiing-at-sea-tac/ 

12. September 28, WDIV 4 Detroit - (Michigan) Delta flight from Detroit to Las Yegas 
makes emergency landing in Omaha. A Delta flight headed to Las Vegas from 
Detroit was diverted to Omaha, Nebraska, due to a small fire that broke out in the 
plane’s bathroom September 28. No injuries were reported and passengers waited for 
another plane to continue to Las Vegas. 

Source: http://www.clickondetroit.com/news/delta-flight-from-detroit-to-las-vegas- 
makes-emergency-landing-in-omaha/35542334 

13. September 28, WCHS 8 Charleston - (West Virginia) All lanes at 1-77 near Edens 
Fork exit reopen after wreck. Interstate 77 at mile marker 106 in Sissonville was shut 
down for several hours September 28 while crews responded to a 5 -vehicle accident 
that left 1 person with minor injuries. 

Source: http://www.wchstv.com/news/features/eyewitness-news/stories/I77-S-Shut- 
Do wn-From-Car- Pile-Up-21 1006.shtml#.VgqWistViko 

14. September 28, WPLG 10 Miami - (Florida) Taxi cab driver killed in police-involved 
shooting on 1-95. Southbound lanes of Interstate 95 in Miami-Dade County were shut 
down for several hours due to a police-involved shooting that killed a taxi cab driver 
after the taxi cab crashed into a sign, leading into a chase that occurred once police 
arrived to the scene. No police were injured during the incident. 

Source: http://www.locall0.com/news/police-activity-shuts-down-i95-at-nw-125th- 
st/35525682 
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For another story, see item 5 

Food and Agriculture Sector 

15. September 28, U.S. Food and Drug Administration - (National) Press release for 
voluntary recall of Kermit, Inc. products. DeLand, Florida-based Kermit, Inc., 
issued a voluntary recall September 25 for a variety of its sauce and marinade products 
packaged in clear glass bottles due to misbranding and undeclared soy and wheat 
allergens. The products were distributed to retail stores in Florida, Maryland, and sold 
through Internet sales. 

Source: http://www.fda.gov/Safety/Recalls/ucm464517.htm 

16. September 28, Associated Press - (Arkansas) Power outage kills thousands of 
Arkansas prison’s chickens. An Arkansas Department of Correction official reported 
September 28 that 41,000 chickens suffocated after an inmate at Cummins Unit prison 
hit an electricity pole that caused the ventilators in the chicken enclosure to shut down 
in August. Officials reported that the chickens will cost more than $200,000 to replace 
and that the department will purchase a generator to mitigate future emergencies. 
Source: http://www.mvfoxmemphis.com/storv/30135685/power-outage-kills- 
thousands-of-arkansas-prisons-chickens 

Water and Wastewater Systems Sector 

Nothing to report 

Healthcare and Public Health Sector 

17. September 29, MassLive.com - (Massachusetts) Massachusetts General Hospital to 
pay $2.3M to resolve allegations of allowing hospital employees to obtain drugs for 
personal use. The Massachusetts U.S. Attorney’s Office announced the week of 
September 28 that Massachusetts General Hospital will pay $2.3 million and 
implement stricter security measures following allegations that it lacked controls within 
the hospital which allowed staff to obtain controlled substances for personal use. 

Source: http://www.masslive.com/business- 

news/index.ssf/2015/09/mass general to pay 23m to resolve alleg.html 

18. September 29, The Register - (International) Thousands of ‘directly hackable’ 
hospital devices exposed online. Two security researchers from Protiviti and 
NeoHapsis presented at Derbycon on how vulnerabilities in thousands of critical 
medical systems including Magnetic Resonance Imaging (MRI) machines and nuclear 
medical devices, were found exposed online through the Shodan search engine. The 
researchers were able to manipulate search terms specifically targeting specialty clinics 
and found thousands with misconfiguration and direct attack vectors. 

Source: 

http://www.theregister.co.uk/2015/09/29/thousands of directly hackable hospital dev 
ices found exposed/ 
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19. September 28, WLS 7 Chicago - (Illinois) Rochelle man charged in Rockford 

medical clinic shooting. A gunman was taken into custody without incident more than 
4 hours after opening fire on the second floor of the Crusader Community Health Clinic 
in Rockford September 28, keeping officers at bay for a few hours. Patients and staff 
were all safety evacuated while the suspect remained in the clinic until he surrendered. 
Source: http://abc7chicago.com/news/active-shooter-in-rockford-medical-clinic- 



71006616/ 



For another story, see item 7 

Government Facilities Sector 



20. September 28, Arlington Heights Daily Herald - (Illinois) U-46 schools reopen after 
Legionella bacteria scare. Eastview Middle School, Larkin High School, and the 
Elgin Area School District U-46 Educational Services Center in Illinois reopened 
September 28 after closing September 23 when unusually high levels of the Legionella 
bacteria were found in the water cooling towers. All 19 cooling towers were drained 
and flushed 4 times in order to disinfect and remove any hard water that remained in 
the towers. 

Source: http://www.dailvherald.com/article/20150928/news/150928781/ 

21. September 28, SC Magazine - (Kentucky) About 2,800 Kentucky high school 
students notified of breach. Oldham County Schools in Kentucky notified about 2,800 
current and former North Oldham High School students that their personal information 
including Social Security numbers may have been compromised in a September 10 
breach involving a phishing scheme that allowed access to a nutrition services 
computer at the school. 

Source: http://www.scmagazine.com/about-2800-kentucky-high-school-students- 
notified- of-breach/article/44 1410/ 



22. September 28, Atlanta Journal-Constitution - (Georgia) Water main fixed, students 
returning to 2 evacuated DeKalb schools. Murphey Candler Elementary School and 
Arabia Mountain Middle School in DeKalb County resumed classes September 29 
following repairs after the schools were evacuated and closed September 28 due to a 
water main break. 

Source: http://www.aic.com/news/news/local/two-dekalb-schools-evacuated-after- 
water-main-brea/nnp6j/ 

Emergency Services Sector 

See item 16 

Information Technology Sector 

23. September 29, IDG News Service - (International) Newly found TrueCrypt flaw 
allows full system compromise. A security researcher from Google’s Project Zero 
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team discovered two vulnerabilities in TrueCrypt hard drive encryption software which 
could allow attackers to obtain elevated system privileges if they have access to a 
limited user account. VeraCrypt released patches for the vulnerabilities, and users were 
advised to switch products for these and other security improvements. 

Source: http://www.networkworld.com/article/2987436/newlv-found-truecrvpt-flaw- 
allows-full-system-compromise.html#tk.rss all 

24. September 28, Softpedia - (International) VBA malware makes a comeback inside 
booby-trapped Word documents. Security researchers from Sophos released research 
findings revealing that hackers are increasingly using Visual Basic for Applications 
(VBA) to deliver malware in Microsoft Word documents, and that the company 
discovers 50 - 100 new VBA templates every month which primarily deliver the 
Dridex, CryptoWall, Dyreza, and Zbot malware, among other findings. 

Source: http://news.softpedia.com/news/vba-malware-makes-a-comeback-inside- 
boobv-trapped-word-documents-493005.shtml 

Internet Alert Dashboard 



To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or 
visit their Web site: http://www.us-cert.gov 

Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and 
Analysis Center) Web site: http://www.it-isac.org 



Communications Sector 

Nothing to report 

Commercial Facilities Sector 



25. September 28, State College Centre Daily Times - (Pennsylvania) North Atherton 
Wal-Mart evacuated for third time. Patton Township police reported September 28 
that 3 separate bomb threats were made at a Walmart store in State College, 
Pennsylvania, from September 24 - September 28 which prompted the evacuation and 
closure of the store during each incident while officials searched and cleared the scene. 
An investigation into the threats is ongoing. 

Source: http://www.centredailv.com/2015/09/28/4942867 atherton-wal-mart- 
cvacuatcd-again.html?rh=l 

Dams Sector 



Nothing to report 
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Department of Homeland Security (DHS) 

DHS Daily Open Source Infrastructure Report Contact Information 

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday 
through Friday] summary of open-source published information concerning significant critical 
infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for 10 days on 
the Department of Homeland Security Web site: http://www.dhs.gov/lPDailvReport 

Contact Information 

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS 

Daily Report Team at (703) 942-8590 

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow 

instructions to Get e-mail updates when this information changes . 

Removal from Distribution List: Send mail to support @ govdelivery.com . 



Contact DHS 

To report physical infrastructure incidents or to request information, please contact the National Infrastructure 
Coordinating Center at nicc@hq.dhs.gov or (202) 282-9201. 

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit 
their Web page at www.us-cert. gov . 

Department of Homeland Security Disclaimer 

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform 
personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright 
restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source 
material. 
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